src/content/partials/networking-services/mnm/rules/static-threshold.mdx
10 additions & 9 deletions
@@ -3,6 +3,7 @@ params:
3
3
- productName
4
4
- autoAdvertiseURL
5
5
- ruleIpPrefixesURL
6
+
- rulesURL
6
7
---
7
8
8
9
import { DashButton } from"~/components";
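Review bot: The new `rulesURL` entry in the `params` list makes the partial depend on every caller passing that prop, and nothing in the visible lines gives it a fallback. It becomes the `href` of the rules link in the "Recommended rule configuration" paragraph, so a page that renders this partial without `rulesURL` would ship a link with no target. Update every page that includes the partial in the same change, or document the parameter as required next to the existing `autoAdvertiseURL` and `ruleIpPrefixesURL` entries.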
@@ -29,13 +30,13 @@ You can visit the [API documentation](/api/resources/magic_network_monitoring/su
29
30
30
31
## Recommended rule configuration
31
32
32
-
You can create [Magic Network Monitoring rules](/magic-network-monitoring/rules/) to monitor the traffic volume of your network for a set of IP prefixes and / or IP addresses. The traffic volume threshold for these rules is also set by you. If the traffic volume threshold is crossed, Magic Network Monitoring will send an alert via email, webhook, or PagerDuty.
33
+
You can create <ahref={props.rulesURL}>{props.productName}rules</a> to monitor the traffic volume of your network for a set of IP prefixes and / or IP addresses. The traffic volume threshold for these rules is also set by you. If the traffic volume threshold is crossed, {props.productName} will send an alert via email, webhook, or PagerDuty.
33
34
34
-
Follow the guidelines outlined in this page to create appropriate Magic Network Monitoring rules and set accurate rule thresholds.
35
+
Follow the guidelines outlined in this page to create appropriate {props.productName} rules and set accurate rule thresholds.
35
36
36
37
### Rule IP prefixes
37
38
38
-
Cloudflare recommends that customers start by creating one Magic Network Monitoring rule for each public `/24` IP prefix within their network. It is helpful to include the range of the `/24` IP prefix to make it easier to find and filter for the rule in Magic Network Monitoring analytics.
39
+
Cloudflare recommends that customers start by creating one {props.productName}rule for each public `/24` IP prefix within their network. It is helpful to include the range of the `/24` IP prefix to make it easier to find and filter for the rule in {props.productName} analytics.
39
40
40
41
As you become more familiar with the traffic patterns across each IP prefix, we encourage you to create more complex rules with IP prefixes that are smaller or larger than a `/24` prefix depending on your needs. You can also combine and monitor multiple IP prefixes within the same rule.
41
42
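Review bot: In the added "Recommended rule configuration" paragraph the link text reads `{props.productName}rules`, and the added "Rule IP prefixes" line reads `{props.productName}rule`, with no space after the closing brace as shown here. That would render the product name run together with the following word. Confirm the source has a space after each `{props.productName}` and that the anchor is written `<a href={props.rulesURL}>`. The removed line used a Markdown link, so it is also worth checking that the raw anchor still gets the site's usual link handling.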
@@ -45,9 +46,9 @@ Follow the steps below to configure appropriate rule thresholds.
45
46
46
47
#### Initial rule configuration
47
48
48
-
When you initially configure Magic Network Monitoring, you may not know the typical traffic volume patterns across each of your IP prefixes. Cloudflare recommends that you set a high rule threshold of either 10 Gbps (gigabits per second) or 10 Mpps (million packets per second) that is unlikely to be crossed during initial configuration.
49
+
When you initially configure {props.productName}, you may not know the typical traffic volume patterns across each of your IP prefixes. Cloudflare recommends that you set a high rule threshold of either 10 Gbps (gigabits per second) or 10 Mpps (million packets per second) that is unlikely to be crossed during initial configuration.
49
50
50
-
This will allow you to collect initial information about the typical traffic volume for a Magic Network Monitoring rule without receiving any alerts. After you have collected and analyzed the historical traffic data for an Magic Network Monitoring rule, the threshold should be adjusted to an appropriate value.
51
+
This will allow you to collect initial information about the typical traffic volume for a {props.productName}rule without receiving any alerts. After you have collected and analyzed the historical traffic data for an {props.productName} rule, the threshold should be adjusted to an appropriate value.
51
52
52
53
| Threshold type | Recommended rule threshold to collect initial data |
53
54
| :---- | :---- |
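Review bot: The second added paragraph under "Initial rule configuration" keeps the article from the removed line: "historical traffic data for an {props.productName} rule". With the name now a parameter, "an" cannot agree with whatever product name is passed in, and the same sentence already uses "a {props.productName}rule" earlier. Reword so that no article sits directly before the prop, for example "for each rule", or use "a" consistently.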
@@ -58,7 +59,7 @@ This will allow you to collect initial information about the typical traffic vol
58
59
59
60
After creating the initial set of rules to monitor your network traffic, you should collect 14-30 days of historical traffic volume data for each rule.
60
61
61
-
Cloudflare recommends that new customers set a rule threshold that is two times larger than the maximum non-attack traffic observed for a one minute time interval within an Magic Network Monitoring rule.
62
+
Cloudflare recommends that new customers set a rule threshold that is two times larger than the maximum non-attack traffic observed for a one minute time interval within an {props.productName} rule.
62
63
63
64
To find the maximum non-attack traffic for a one minute time interval over the past 14-30 days, you can filter for the specific rule you want to analyze. To do that:
64
65
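Review bot: The added line still says the threshold should be "two times larger than the maximum non-attack traffic", which can be read as three times the maximum. Later the page says "two times the largest traffic spike". Since this line is being touched anyway, align it with the later wording ("a rule threshold that is two times the maximum non-attack traffic observed") so both passages give the same multiplier. The "an {props.productName} rule" article on the same line needs the same treatment as in the previous hunk.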
@@ -73,16 +74,16 @@ To find the maximum non-attack traffic for a one minute time interval over the p
73
74
| :---- | :---- | :---- |
74
75
|_Monitoring Rule_|_equals_|`<RULE_NAME>`|
75
76
76
-
Once the rule filter is selected in Magic Network Monitoring Analytics, you can check the historical traffic volume data for the rule over the selected time period. We recommend that you check your historical traffic volume data in increments of seven days since that is the largest window that shows one hour time intervals. You can select a custom seven-day time range in Magic Network Monitoring Analytics by going to the top right corner of Magic Network Monitoring analytics, opening the time window dropdown, and selecting **Custom range**.
77
+
Once the rule filter is selected in {props.productName}Analytics, you can check the historical traffic volume data for the rule over the selected time period. We recommend that you check your historical traffic volume data in increments of seven days since that is the largest window that shows one hour time intervals. You can select a custom seven-day time range in {props.productName}Analytics by going to the top right corner of {props.productName} analytics, opening the time window dropdown, and selecting **Custom range**.
77
78
78
79
You should review the selected seven-day time range and identify the largest traffic volume peak. Then, click and drag on the largest traffic peak to view the traffic volume data for a smaller time window. Continue until you are viewing the traffic volume data in one-minute intervals.
79
80
80
-
Record the largest traffic volume peak for the rule in a spreadsheet, then repeat this process across 14-30 days of data. The rule threshold should be updated to be two times the largest traffic spike for a one minute time interval across 14-30 days of data. You should go through this process to set the threshold for each Magic Network Monitoring rule.
81
+
Record the largest traffic volume peak for the rule in a spreadsheet, then repeat this process across 14-30 days of data. The rule threshold should be updated to be two times the largest traffic spike for a one minute time interval across 14-30 days of data. You should go through this process to set the threshold for each {props.productName} rule.
81
82
82
83
### Rule duration
83
84
84
85
Your IP prefixes may experience inconsistent spikes in traffic volume across one minute time intervals. We recommend that you set a rule duration of 120 seconds or greater to reduce false positive alerts on short-term non-malicious traffic spikes. A rule duration of 120 seconds means that the traffic volume must be above the rule threshold for 120 seconds before an alert is fired.
85
86
86
87
### Adjusting rules over time
87
88
88
-
After you update your first set of rule thresholds based on historical traffic data, it will be important to monitor for Magic Network Monitoring alerts to check if the rule thresholds are appropriate. Customers are encouraged to adjust the rule thresholds and the duration over time to find the ideal alert sensitivity level for their specific network environment.
89
+
After you update your first set of rule thresholds based on historical traffic data, it will be important to monitor for {props.productName} alerts to check if the rule thresholds are appropriate. Customers are encouraged to adjust the rule thresholds and the duration over time to find the ideal alert sensitivity level for their specific network environment.
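Review bot: In the added paragraph that starts "Once the rule filter is selected", the product surface is written `{props.productName}Analytics` twice and `{props.productName} analytics` once within the same sentence. The earlier "Rule IP prefixes" line uses lowercase "analytics". Pick one casing and apply it throughout the partial, and confirm there is a space between the prop and the word in the two capitalised occurrences.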